Introduction
According to the Security Policy section 6.4 the Board must maintain a Key Persons List with all contact information needed in case a disaster recovery is needed. This page describes how this list is constructed, maintained and made available even if CAcert's core infrastructure is not available.
Who should be on the list
The following people should be on the Key Persons List:
- board members
- critical system administrators team leader + one backup
- infrastructure system administrators team leader + one backup
- application development team leader + one backup
- support team leader + one backup
- privacy officer
- public relations officer
- Oophaga access engineers
Which contact information should be maintained
The following contact information should be maintained for each list member:
- name
- e-mail addresses (in particular addresses which are not dependent on CAcert's infrastructure)
- business telephone number(s)
- private telephone number(s)
- mobile telephone number(s)
- physical address(es)
- chat handles [Skype, (non-CAcert) IRC, Jabber, MSN, etc.]
- indication of best contact method(s)
How to collect the information
The board designates a person (can be a board member, but can also be one of the other key persons) who is responsible for collecting the stated contact information from each key person on the list. Collection will be generally by e-mailing each list member with a request to supply his/her personal contact information, and a request to supply an update whenever something changes. The collector compiles all received contact information in a single overview ready for distribution (see below).
Updates
The collector will poll all key persons to verify whether the contact information is still up-to-date, and applie the updates to the compiled overview.
- of the board, after board elections
- of effected personnel, after significant team changes
- or, every 3 months
How to distribute the information
Because most of this information is likely to be privacy-sensitive for most people, the information will only be distributed to other key people list members with a strict instruction to only use it for purposes of CAcert disaster recovery support.
The collector will send out a complete Key People Contacts list every 3 months by e-mail to all people on the list. This way every list member should have a reasonably up-to-date version of the required information in his mailbox.
A warning should be included for people with a user@cacert.org address: they should save this message to a location which is not directly dependent on CAcert infrastructure, since that may not be available at the time the list is most needed!
Inputs & Thoughts
- 20111109-u60
Potential lists of Key People
By teams / projects -> OverviewProjectsBoard
By officers -> Teams
YYYYMMDD-YourName
Text / Your Statements, thoughts and e-mail snippets, Please